WordPress CSP Plugin May 28th, 2010

1 comment

My implementation of the Content Security Policy server logic for WordPress is now available as a WordPress Plugin.

Fig.1 – CSP configuration page making a policy recommendation.

Fig. 2 – New panel in media uploader allows direct creation of script files in the uploads directory.

1 comment on “WordPress CSP Plugin

  1. Elias Athanasopoulos says:
    August 6, 2010 at 1:50 am

    Hi Brandon!

    Well done about CSP! I was wondering how does CSP cope with return-to-JavaScript attacks (i.e. code injections that are based in legitimate white-listed code). You can find more at:

    http://www.ics.forth.gr/~elathan/publications/w2sp09.pdf
    http://www.ics.forth.gr/~elathan/publications/webapps10.pdf

    Regards,
    Elias

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

 

Code

Photos